Ask Klaus

Ask Klaus

Kiosk Mode

Hello, Klaus, I have been using Knoppix since version 6.0; however, version 7.3 is awesome.

I would like to get your recommendations on using Knoppix 7.3 as a kiosk in a classroom setting of 21 laptops (WiFi access to sys admin's Knoppix server with attached printer) for email access and surfing websites.

Your suggestions appreciated in advance. JES

A dedicated "kiosk" mode is not yet built into Knoppix. The secure boot option (meant for using with knoppix-terminalserver) when added to the kernel option list, removes the suid flag by the nosuid mount option, so the user cannot mount devices, reconfigure the network, or use su or sudo to gain administrative access. Also, the root shells running on the text consoles are replaced by unprivileged user shells.

This "secure" mode is supposed to prevent users from modifying the local computer's disks and partitions and restrict Internet use to surfing with the preset addresses only. For starting locally from DVD or USB flash disk, the secure option makes only limited sense, because a lot of other programs rely on set-user-ID working on the partition containing executable programs, whereas the terminal server client running diskless from an NFS volume will not change its network addresses anyway – to avoid being locked out.

A more interesting problem would be: How can clients be preconfigured with printers, proxy, and shared network drives, so they don't have to be reconfigured each and every time?

One approach for easily preconfiguring clients is to generate a master installation of Knoppix on a USB flash disk with either an overlay partition or the overlay file knoppix-data.img, which allows you to store local changes permanently over reset.

This solution lets you store:

1. Printer settings in CUPS (use http://localhost:631 for configuration) or network settings (using the network-manager applet in the taskbar).

2. Bookmarks for an intranet web server start page.

3. Shortcuts to an intranet file server in the PCManFM file manager. Note you can use the syntax smb://username@server/sharename to access an SMB network share on a Samba or Windows file server.

4. Add-ons such as a "kiosk mode" browser, browser plugins, and additional software.

After all changes are done, you can copy your "kiosk mode" USB flash disk to a disk image – after a regular shutdown and booting into another Linux installation, because if the USB flash disk is still mounted read/write, your copy will contain an unclean filesystem.

For storing an image, you will need additional space, such as a hard disk partition mounted at /media/sdc1/ in this example. Here, /dev/sdb is the USB flash disk with the kiosk client installation, which contains all the changes made:

cp /dev/sdb /media/sdc1/usbdisk.img

Or, with optional compression:

gzip -1cv /dev/sdb > /media/sdc1/usbdisk.img.gz

To mass-copy the client USB flash disk from the saved image to a new USB flash disk of the same size (assuming the new flash disk is plugged in at a /dev/sdd), use:

cp /media/sdc1/usbdisk.img /dev/sdd

Or, with decompression, use the following:

gzip -dcv /media/sdc1/usbdisk.img.gz >/dev/sdd

The partition table and master boot record will be copied as well. For the system to recognize the changed partition table, the flash disk needs to be reloaded.

JavaScript Required

Dear Sir, I hoped that Knoppix 7.3 that came with Linux Magazine #161 or openSUSE 13.1 (Linux Magazine #162) would at last solve my several years old problem with almost every website: It asks you to use JavaScript. Some of them refuse to continue if you do not.

Can you tell me why there seems to be no Linux release that includes it? By the way: Have you noticed that this Knoppix sets the time zone at EDT, which seems to be Eastern Daylight Time, with the result that the time it shows is five hours behind CET. I wrote them about it but received no reaction. JKN

As a language primarily used for controlling the browser via scripts inside documents, JavaScript is present in Firefox and Chromium, no matter which distro you use. However, because JavaScript can be a security risk due to its potential to manipulate web content shown inside the browser, it is by default turned off for most websites in some distros. This includes Knoppix, where the noscript plugin takes control over which website is allowed for execution of JavaScript and other active content. This is an important security feature that keeps your browser from loading malicious content from infected websites. I'd recommend not turning off this feature in general.

The small "S" logo near the address bar of Firefox/Iceweasel allows you to control JavaScript and dynamic content on a per-website basis. If you want to watch videos using JavaScript/HTML5 or the proprietary flash player, just check the browser's allowance for this site, and it should work as shown in Figure 2.

Figure 2: You can control JavaScript on a per-website basis.

About the time zone issue (see also Linux Magazine #163): On a desktop PC or notebook, there are two clocks: the built-in, real-time (or "BIOS") clock, which is read during boot, and the system time, which is used during normal operation.

Although it is common under Unix/Linux always to leave the BIOS/real-time clock time in Universal time (UTC) and let the system time be set by timezone settings automatically during boot, under Windows, it seems to be common to have the real-time clock in "local time" and even rewrite the real-time clock's time during the daylight saving time switch. It is possible for both operating systems to change the default "BIOS" time interpretation to either "local time" or UTC; however, it's probably easier to do this under Linux than to search for an appropriate setting or registry patch in Windows.

When Knoppix reads the time from the real-time clock, it honors the file /etc/adjtime, which contains the word

UTC

in its last line if the BIOS time is expected in universal time, or

LOCAL

if the BIOS time is "local time" (or rather, "local time difference to UTC").

Changing this file will change Linux behavior when reading the real-time clock with hwclock -s during system start.

However, GNU/Linux systems will not write back their own system time to the BIOS automatically, unless instructed to do so during system shutdown. Windows, however, will do this frequently, so you may still experience differences when switching to and from daylight savings time. You can also change the time zone by the tz=… boot parameter, which is located in boot/syslinux/syslinux.cfg after a flash drive installation.

USB Boot Trouble

Dear Klaus: I was looking forward to trying out your latest release of Knoppix (7.3) as included in Linux Pro Magazine (Issue 161, April 2014).

Knoppix booted just fine from the DVD. I explored some of the Knoppix features and thought that perhaps this was a viable alternative to the Linux Mint that I had been using for some time now. At least it would be an alternative and, if bootable from USB, then an excellent addition to my software resources, without having to commit to a full HD install.

I placed a 16GB USB Flash Drive (tried and tested PNY 16GB Flash Stick) into an available port and attempted to create a bootable USB device using the option on the Knoppix desktop. I choose the r option and allowed for an optional overlay free space. I elected to reformat the drive and lose all previous data. The program seemed to run to completion with no error messages. However, my machine wouldn't boot from the newly created USB. I went into the BIOS and made sure the boot parameters were set to first use USB. Still no boot. Tried on another machine, but no boot.

I then rebooted into my normal OS of Linux Mint 13 and, upon inserting the Flash drive, discovered that the flash drive was no longer detectable by the OS. I tried the other available USB ports, but the OS never even detected its presence. Nada, nothing. Tried another machine running Windows Vista, and again, the flash drive wasn't detected.

Operating on the assumption that perhaps the flash drive I had chosen to use was defective, and that was the problem, I went out and purchased a brand new SanDisk 16GB USB Flash Drive (Cruzer Fit) solely for the purpose of creating a bootable Knoppix system.

First, I tested the Cruzer USB flash, and it seemed to work OK. List files, create files, etc. It already had the SanDisk software on it, which I normally trash since it only works in Windows.

I then once again booted Knoppix from the DVD and attempted to create a USB boot drive. I chose the r option, and the optional overlay space, electing to use 7GB. All seemed to be going well. Then, I got a some strange message panel identifying the mount location but without a message, just a symbol of a red circle with a line through it. And, there were now two processes – both the same Knoppix create USB process – going instead of one! After exiting both of these processes, I found that the new flash drive was, just like the previous one, completely unusable.

Exiting Knoppix, I rebooted my daily system (Linux Mint 13 Maya) and tried to use the most recently "created" flash drive. Once again, the drive was not detected upon insertion into an any available USB port. For all practical purposes, it's dead, not even the activity indicator LED blinks.

What is going on? Is there a bug in the software? If there were a fatal problem during the processing shouldn't the software report an error message? Please advise.

In both cases, the USB flash disks seem to be defective. I'm a little puzzled, because chances are very small that you buy two different brands and both are defective after a write attempt; however, it is even more unlikely that your computer killed them. Opposed to SD card readers, USB controllers usually don't kill USB flash drives of brands they don't like; it's rather the controller on the flash drive itself that fails.

I've had a few cheap USB flash drives that started failing as soon as you write more than a few megabytes at once, this seems to be a chip design failure and of course is a warranty case. Flash drives should not break so easily, no matter which kind of data you write and regardless of whether you chose to repartition. If they do, they were defective on delivery (or by design).

All that the flash-knoppix installer does is repartition the flash drive, create a filesystem on both partitions, and copy data from the DVD to the filesystem – a very standard procedure. There is not much that could fail here if the flash drive is OK.

The second process you may have seen, btw, is probably the "fork" displaying the progress bar in parallel to the real writing process. It will go away if you close the progress bar or if the copying is finished. The script does not really run twice, it just launches a subprocess for the visual feedback.

A common case that is known to break SD flash as well as (rarely) USB flash drives is when you unplug the device while data is being written on it. The internal controller can lose track of its wear level and defective block list, and, in the worst case, forget about the total capacity of the drive. An indication of this happening is when it's no longer possible to repartition the drive and create a filesystem, or if the capacity shown in the command

cat /proc/partitions

is just a few megabytes instead of the 8 or 16GB it had before. So, make sure that you don't unplug before writing to flash is complete. Unfortunately, all visual indicators are unreliable (progress bars as well as a blinking LED on the device); you may just have to wait five or more seconds after the write process ended before unplugging. I still assume it's a warranty case if a flash dies because of this, and you should get a free replacement for the defective USB flash disk at the store that sold it to you.

Klaus Knopper

Klaus Knopper is the creator of Knoppix and co-founder of LinuxTag expo. He currently is a Professor, Dipl. Ing., at the University of Applied Sciences Kaiserslautern. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com